General
Target: 3ff18431ade299b48e8b582611d87ca7309600d381e6aabfcbd002564219a002
Size: 436KB
Sample: 220630-wjd6gsgfh3
MD5: 92da801f6ecd5c19af68d5cac87995af
SHA1: 12cd0ee9f1f7d1c2ebd331b4c2566069c5c4e485
SHA256: 3ff18431ade299b48e8b582611d87ca7309600d381e6aabfcbd002564219a002
SHA512: 3492b2198fba546e2d608f2735b476e14603d30a59b47650f7c60420284e57e5db705e53a93470398cd5f03c5211e980ef81293ef982beeda241948bf49c06cc
Static task: static1
Behavioral task: behavioral1
Sample: 3ff18431ade299b48e8b582611d87ca7309600d381e6aabfcbd002564219a002.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3ff18431ade299b48e8b582611d87ca7309600d381e6aabfcbd002564219a002.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://185.165.29.49/enesb/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
3ff18431ade299b48e8b582611d87ca7309600d381e6aabfcbd002564219a002
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext